/*
 * Copyright 2016-2017 TVI Go Easy.
 * Created on 2017/4/28 15:39
 */
package org.mechanic.fund.web.system;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.mechanic.core.web.HttpStatusCode;
import org.mechanic.exception.LoginException;
import org.mechanic.fund.config.WcBaseInfoProperties;
import org.mechanic.fund.web.BaseController;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/**
 * 用户登录 API
 *
 * @author mechanic
 * @version 0.0.1
 */
@Api("用户登录相关接口")
@RestController
public class LoginController extends BaseController {
    private static final Logger logger = LoggerFactory.getLogger(LoginController.class);

    private final WcBaseInfoProperties properties;

    @Autowired
    public LoginController(WcBaseInfoProperties properties) {this.properties = properties;}

    @ApiOperation(value = "用户登录")
    @GetMapping(value = "login")
    public Object login(
      @ApiParam(value = "登录账户", required = true) @RequestParam(required = true) String account,
      @ApiParam(value = "登录密码", required = true) @RequestParam(required = true) String password) {
        logger.info("token!!!" + properties.getCorpToken());

        UsernamePasswordToken token = new UsernamePasswordToken(account, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(token);
            logger.info("用户[" + account + "]登录成功。");
        } catch (AuthenticationException e) {
            logger.info("用户[" + account + "]登录失败。");
            throw new LoginException(HttpStatusCode.ACCOUNT_PASSWORD_ERROR);
        }
        return result("用户[" + account + "]已成功登录。");
    }

    @ApiOperation(value = "验证用户是否已登录")
    @GetMapping(value = "isLogin")
    public Object isLogin() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            return result("用户[" + subject.getPrincipal() + "]已登录。");
        } else {
            throw new LoginException(HttpStatusCode.LOGIN_FAIL);
        }
    }

    @ApiOperation(value = "用户登出")
    @GetMapping(value = "logout")
    public Object logout() {
        Subject subject = SecurityUtils.getSubject();
        String account = subject.getPrincipal().toString();
        subject.logout();
        return result("用户[" + account + "]已退出登录。");
    }

    @ApiOperation(value = "用户未登录时跳转到的接口")
    @GetMapping("/unauthor")
    public Object unauthor() {
        return result(HttpStatusCode.UNAUTHOR);
    }

    @ApiOperation(value = "用户没有权限时跳转到的接口")
    @GetMapping("/forbidden")
    public Object forbidden() {
        return result(HttpStatusCode.FORBIDDEN);
    }
}
